Add username to Windows Programs query
Hello everyone,
I need help with a simple query as I'm not well versed in SQL. Basically this is the query:
SELECT name, version, install_location, install_source, publisher, install_date, identifying_number FROM programs Where name LIKE '%CAD%' …
Using Live Discover to get more flexible Threat Indicator results and perform powerful Threat Searches
After the launch of Intercept X Advanced with EDR in late 2018, we introduced the EDRv1 Data Feed (aka Trickle Feed) functionality to enable Administrators to easily view Threat Indicators and perform Threat Searches. Now there is a better way! The Live…
EDR Query to find all local admins (Windows)
I am searching for a way to query the local Administrators security group on every device in our environment. This seems like something Live Discover is capable of doing, but I haven't been able to figure out the OSQuery syntax to get it done. Right now…